package com.mall.security.common.adapter;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.cors.CorsUtils;

@Configuration
@EnableWebSecurity
public class MyWebSecurityConfigurerAdapter {

/* http.csrf().disable().cors()
                .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and().authorizeRequests().requestMatchers(CorsUtils::isPreFlightRequest).permitAll()
                .and()
                .authorizeRequests().requestMatchers(
                        "/**").permitAll().and().build();*/
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception{
        // We don't need CSRF for token based authentication
        return http.csrf(csrf->csrf.disable())// 禁用CSRF保护
                .sessionManagement(session->session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                .authorizeRequests() // 开始配置URL授权
                .requestMatchers(CorsUtils::isPreFlightRequest).permitAll()// 允许所有预检请求
                .and()
                .authorizeRequests()
                .requestMatchers(
                        "/**").permitAll()// 允许所有请求
                .and()
                .build();

    }
}
